International Cooperation Disrupts Multi-Country Cyber Theft Ring

October 01, 2010

FBI National Press Office(202) 324-3691

The FBI and international law enforcement, working in an unprecedented partnership, have disrupted a large-scale, international organized cybercrime operation active in several countries that resulted in numerous search warrants and arrests.

Operation Trident Breach began in May 2009, when FBI agents in Omaha, Nebraska, were alerted to automated clearing house (ACH) batch payments to 46 separate bank accounts throughout the United States. Agents quickly realized the scope of the crime and partnered with local, state, and federal partners, cybercrime task forces, working groups, and foreign police agencies in the Netherlands, Ukraine, and the United Kingdom to bring those responsible to justice.

The cyber thieves targeted small- to medium-sized companies, municipalities, churches, and individuals, infecting their computers using a version of the Zeus Botnet. The malware captured passwords, account numbers, and other data used to log into online banking accounts. This scheme resulted in the attempted theft of $220 million, with actual losses of $70 million from victims’ bank accounts.

“No one country, no one company, and no one agency can stop cybercrime,” said FBI Director Robert S. Mueller, III. “The only way to do that is by standing together. For ultimately, we all face the same threat. Together, the FBI and its international partners can and will find better ways to safeguard our systems, minimize these attacks, and stop those who would do us harm.”

Assistant Director Gordon M. Snow of the FBI’s Cyber Division said, “During this investigation, the FBI worked closely with our overseas counterparts to identify subjects who were instrumental in the development and control of the malicious software, those who facilitated the use of malware, and those who saw a means to make quick, easy money—the mules.”

“The skill, dedication, and expansive cooperation provided by our local, state, and federal law enforcement partners in the U.S. and in the Netherlands, Ukraine, and United Kingdom were crucial to the success of this effort,” Snow said. “The FBI appreciates the financial industry working groups and public-private partnerships that work tirelessly to inform the American public about this criminal threat and provide recommendations on how businesses can protect themselves.”

The multi-agency partnership, including support from Internet security researchers, gave law enforcement the opportunity to gather intelligence about this scheme and significantly disrupt the activities of cyber criminals and money mules who took part in these crimes.

The Federal Bureau of Investigation, including the New York Money Mule Working Group, the Newark Cyber Crime Task Force, the Omaha Cyber Crime Task Force, the Netherlands Police Agency, the Security Service of Ukraine, the SBU, and the United Kingdom’s Metropolitan Police Service participated in the operation.

Pim Takkenberg, team leader of the National High-Tech Crime Unit, Netherlands Police Agency, said: “The National High-Tech Crime Unit’s involvement in this international operation is representative of the commitment that the KLPD and the National Prosecutor’s Office have made to the fight against cyber crime in addition to the need for worldwide cooperation among all partners.”

In a previously issued statement, Deputy Chief Inspector Terry Wilson from the Metropolitan Police Central e-Crime Unit, said: “We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm, which of course, banks have had to repay at considerable cost to the economy.”

The FBI and the Ukrainian SBU have forged a strong partnership to target cyber criminals around the world. The SBU has combined its technical and investigative expertise with the FBI in joint pursuit of organized cyber criminals who inflict damage to international financial infrastructure. On September 30, 2010, the SBU detained five individuals who were key subjects responsible for this overarching scheme. Additionally, eight search warrants were executed by approximately 50 SBU officers and its elite tactical operations teams.